AUDITING IN A COMPUTERIZED

ENVIRONMENT
Chapter 7
Prepared and Reported by: Calagui, Mary Joy M.
Minglana, Mitch T.
 CHARACTERISTICS OF COMPUTER
INFORMATION SYSTEMS (CIS)
Lack of visible transaction trails
Consistency of performance
Ease of access to data and computer programs
Concentration of duties
Systems generated transactions
Vulnerability of data and program storage media
 INTERNAL CONTROL IN A CIS
ENVIRONMENT
A variety of controls are performed to check accuracy,
completeness, and authorization of transactions.

Two types of internal control procedures:

1. General Controls
2. Application Controls
 GENERAL CONTROLS
Organizational Controls
a. Segregation between the CIS department and user
department
- CIS department must be independent of all departments
within the entity that provide input data or that use output
generated by the CIS
 GENERAL CONTROLS
b. Segregation of duties within the CIS department
CIS Director

Systems development Operations Other Functions

Systems Computer
Librarian
Analyst Operator

Data Entry
Programmer Control Group
Operator
 GENERAL CONTROLS
Systems Development and Documentation Controls
Access Controls
Data Recovery Controls
Monitoring Controls
 APPLICATION CONTROLS
Controls over input
Key verification
Field check
Validity check
Self-checking digit
Limit check
Control totals
Controls over processing
Controls over output
 TEST OF CONTROL IN A CIS
ENVIRONMENT
In testing application controls, the auditor may either:
Audit around the computer; or
Use Computer-Assisted Audit Techniques
 AUDITING AROUND THE
COMPUTER
Auditing around the computer can be used only if there are
visible input documents and detailed output that will enable the
auditor to trace individual transactions back and forth.
This is also known as “black box approach” because it does
not permit direct assessment of actual processing of transactions.
 COMPUTER ASSISTED AUDIT
TECHNIQUES (CAATs)
CAATs are computer programs and data which the
auditor uses as part of the audit procedures to process
data of audit significance contained in an entity’s
information system.
Some of the commonly used CAATs include test data,
integrated test facility and parallel simulation.
 TEST DATA
Auditor’s Test
Data

Processed using
client’s program

Compare Auditor’s Expected

Output
Manually Output
 INTEGRATED TEST FACILITY
Auditor’s Test
Client's Data
Data

Processed using
client’s program

Compare Auditor’s
Output
Manually Expected Output
 PARALLEL SIMULATION
Client’s Data Client’s Data

Processed using Processed using

client’s program client’s program

Output Compare Output

Manually
 OTHER CAATs
Snapshots – this techniques involves taking picture of a
transaction as it flows through the computer systems.

Systems control audit review files (SCARF) – This involves

embedding audit software modules within an application
system to provide continuous monitoring of the systems
transactions.